We're looking at setting up a Service Desk for applications that will used by external organizations.

This means that we will provide support for those applications but we have no jurisdiction over the hardware/software used by the external organizations. The applications were designed to operate on multiple configurations.

We are also looking at constructing a CMDB. When constructing the CMDB, we can easily identify and maintain CIs for our own internal organization but we don't have the authority to instruct the external organizations to identify and maintain their CIs or to even give us this information.

Does any else have a similar Service Desk/User relationship? If so, what was your strategy for creating the CMDB with respect to external organization CIs?

Our options are:

1. Do not attempt to include external organization CIs in our CMDB.
2. Update CMDB with external organization CIs as part of the process of
recording incident details.
3. Get the external organizations to agree to identify and maintain their
CIs and we will have the ability view this information. (This option not
likely).
4. Any other options?

Any advice or suggestions regarding this issue would be greatly appreciated.

It depends on how deep of the information you want to capture for each CI. Maybe for the financial information, the external organization doesn't allow you to see. From our experience (we are supporting 10 customers), we are allowed to capture all CIs that must be supported by us. We capture the basic information only, i.e.: S/N, P/N, Name, Location, Brand, and Asset Code only. This is sufficient for us because we can check the S/N when they are reporting an incident. What we do is we provide the reasons why and what we need to capture to our customers and ask their approval.